4. What is project risk? Explain the various techniques used for measurement of project risk?
4.What is project risk? Explain the various techniques used for measurement of project risk.
There are a host of external factors which may play a role in determining the outcome regarding whether a project has been successful or not. These are called Project risks. The formal definition of a risk is an event or occurrence that may negatively impact the project.
Risks can be mitigated and even prevented. However this requires a good amount of understanding of the risks and advance planning. It is for this reason that DMAIC methodology in Six Sigma has risk assessment as an inbuilt step. You cannot ignore it if you truly follow the DMAIC philosophy.
To better understand risks, it is essential that we understand that risks fall into categories. The major categories of risk are as follows:
Stakeholder Risk: Stakeholders are people who have any kind of vested interest in the performance of the project. Common examples of stakeholders are as regulators, customers, suppliers, managers, customers etc. Stakeholder risk arises from the fact that stakeholders may not have the inclination or the capabilities required to execute the project.
Regulatory Risk: An organization faces several kinds of regulations. It faces rules from the local and state government where they operate. It faces rules of the national government where it operates. It also faces rules of international trade bodies. To add to all this there are internal regulations which have been put into place for better internal governance and avoiding fraud. The Six Sigma team has to ensure that the project does not adversely affect the compliance towards these risks in any way whatsoever.
Technology Risk: Many times the solution proposed by the project requires implementation of a new technology. However the organization may not be in a position to acquire these technologies due to financial or operational constraints. This poses obvious risks to the project as it can adversely affect the implementation of the proposed solution.
External Risk: The execution of a project requires help and support from several outside vendors as well. The dependence on these vendors poses obvious risk to the execution of the project. These vendors lie outside the direct control of any organization. The organization may have very little ways to predict issues arising from external sources.
Execution Risk: The project also faces risk of not receiving continued support from the organization. This is because the organization may discover better use of their resources in the additional time. It is also likely that the project may be poorly scoped causing it to spill over leading to wastage of resources prompting the management to abandon the project.
An experienced six sigma team will usually give the risk assessment part to its most capable member. The better prepared the risk assessment plans, the better chance the organization has of successfully implementing that project.
Detecting the risks present in a project is an art in itself. It comes down to two basic methods; talking with people and reading documentation. A number of detection methods are given in the table below.
Detection Method Advantages Disadvantages
Interviews -sensitive matters are revealed quicker in a face to face meeting
-helps to involve people in risk management -may require a lot of time
Brainstorming -A lot of results in a short period
-Risks are instantly shared with others -not everyone speaks up freely in a group
-planning the brainstorm may be a hassle
Consulting experts -independent view on matters
-may have expertise not available in the company -costs
-disclosure of sensitive information
Study project documentation -old ‘forgotten’ risks are often documented
-insight in the working procedures of a project team -risks that have already been solved may resurface
Study specialist literature -shows the “state of the art” knowledge and the available solutions
-requires a lot of time -specialist literature may be written for an academic audience
-costs of acquisition
Stakeholders Analysis -understanding the interests, attitudes and potential actions of stakeholders -Access to stakeholders
-Finding an appropriate representative of interest groups.
Research Resources -find resource risks -Availability of detailed plans is a necessity
Review planning -find bottlenecks in the project plan -focuses almost entirely on schedule risks
Research interfaces -find interfaces that could cause risks -interfaces aren’t always easy to recognize
Visit locations -first hand experience increases understanding of the project environment -may require a lot of time
Research assumptions -understand crucial project assumptions -requires good analytical skills
Checklists -easy and quick to use
-can contain a lot of project specific knowledge -results may be too general
After you finish planning your project's scope, timeline, budget, tasks and milestones, there is still a lot of planning left to do. A successful project manager is one who plans ahead for the unexpected and assesses the possible impact future risks can have on the overall project. Involve your team in the process to be sure you have identified all of the adverse events that can happen so that you have everything covered.
Identify events that could happen throughout the life of the project that would adversely impact it. An adverse affect is one that would cause the project to come in over budget, miss the deadlines or fail altogether. These project risks can come from a broad range of factors, including human, operational, reputational, procedural, natural, financial, technical, political and others. An operational risk, for example, could be how a disruption in supplies would impact the project, while a natural risk could stem from a natural disaster.
Transfer risks to external stakeholders where possible. If you have identified supply chain issues as a potential risk, you might consider transferring that to a company procurement or operations specialist.
Prioritize the risks that you have identified. Rank each risk in terms of impact, how likely or unlikely it is that it will actually happen and how well you can control the event if it does happen. When assessing a risk's impact, consider how it could affect the project's scope, budget and timeline. Where appropriate, determine how much each risk would cost the company if it did occur.
Calculate risk exposure based on impact, probability and controllability. Rate each on a scale that you determine, such as insignificant to critical or high to low. While it is human nature to put more emphasis on risks that could cause more damage to the project, if it is an insignificant risk with a small probability of actually occurring, you should focus on other risks instead.
Put risk avoidance and mitigation strategies into place. Start by reviewing your project's scope and eliminating any pieces that are not essential to a successful completion. As you narrow the scope, you may find that many of the identified risks are no longer relevant. For risks that have a high level of controllability, make plans for how you can reduce the risk of them occurring and minimize their impact if they do occur.
Create contingency strategies, sometimes called "Plan B." Assign each risk to one team member who will watch for indicators or symptoms of the risk throughout the project. This will help you to recognize developing risks early on, giving you the opportunity to put contingencies in place before they become critical. Identify what those contingencies are, or how you will counteract the risk's impact as it happens.
Risk Management - Useful Tools and Techniques
In this section, the tools and methodologies that you can use during various phases of managing a risk are briefly described.
There are many tools and techniques for Risk identification. Documentation Reviews
Information gathering techniques
Delphi technique – here a facilitator distributes a questionnaire to experts, responses are summarized (anonymously) & re-circulated among the experts for comments. This technique is used to achieve a consensus of experts and helps to receive unbiased data, ensuring that no one person will have undue influence on the outcome
Root cause analysis – for identifying a problem, discovering the causes that led to it and developing preventive action
Assumption analysis -this technique may reveal an inconsistency of assumptions, or uncover problematic assumptions.
Cause and effect diagrams
System or process flow charts
Influence diagrams – graphical representation of situations, showing the casual influences or relationships among variables and outcomes
Expert judgment – individuals who have experience with similar project in the not too distant past may use their judgment through interviews or risk facilitation workshops
Tools and Techniques for Qualitative Risk Analysis
Risk probability and impact assessment – investigating the likelihood that each specific risk will occur and the potential effect on a project objective such as schedule, cost, quality or performance (negative effects for threats and positive effects for opportunities), defining it in levels, through interview or meeting with relevant stakeholders and documenting the results.
Probability and impact matrix – rating risks for further quantitative analysis using a probability and impact matrix, rating rules should be specified by the organization in advance.
Risk categorization – in order to determine the areas of the project most exposed to the effects of uncertainty. Grouping risks by common root causes can help us to develop effective risk responses.
Risk urgency assessment - In some qualitative analyses the assessment of risk urgency can be combined with the risk ranking determined from the probability and impact matrix to give a final risk sensitivity rating. Example- a risk requiring a near-term responses may be considered more urgent to address.
Expert judgment – individuals who have experience with similar project in the not too distant past may use their judgment through interviews or risk facilitation workshops.
Tools and Techniques for Quantities Risk Analysis
Data gathering & representation techniques
Interviewing–You can carry out interviews in order to gather an optimistic (low), pessimistic (high), and most likely scenarios.
Probability distributions– Continuous probability distributions are used extensively in modeling and simulations and represent the uncertainty in values such as tasks durations or cost of project components\ work packages. These distributions may help us perform quantitative analysis. Discrete distributions can be used to represent uncertain events (an outcome of a test or possible scenario in a decision tree)
Quantitative risk analysis & modeling techniques- commonly used for event-oriented as well as project-oriented analysis:
Sensitivity analysis – For determining which risks may have the most potential impact on the project. In sensitivity analysis one looks at the effect of varying the inputs of a mathematical model on the output of the model itself. Examining the effect of the uncertainty of each project element to a specific project objective, when all other uncertain elements are held at their baseline values. There may be presented through a tornado diagram.
Expected Monetary Value analysis (EMV) – A statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen (generally: opportunities are positive values, risks are negative values). These are commonly used in a decision tree analysis.
Modeling & simulation – A project simulation, which uses a model that translates the specific detailed uncertainties of the project into their potential impact on project objectives, usually iterative. Monte Carlo is an example for a iterative simulation.
Cost risk analysis - cost estimates are used as input values, chosen randomly for each iteration (according to probability distributions of these values), total cost will be calculated.
Schedule risk analysis - duration estimates & network diagrams are used as input values, chosen at random for each iteration (according to probability distributions of these values), completion date will be calculated. One can check the probability of completing the project by a certain date or within a certain cost constraint.
Expert judgment – used for identifying potential cost & schedule impacts, evaluate probabilities, interpretation of data, identify weaknesses of the tools, as well as their strengths, defining when is a specific tool more appropriate, considering organization’s capabilities & structure, and more.
Risk Response Planning
Risk reassessment – project risk reassessments should be regularly scheduled for reassessment of current risks and closing of risks. Monitoring and controlling Risks may also result in identification of new risks.
Risk audits – examining and documenting the effectiveness of risk responses in dealing with identified risks and their root causes, as well as the effectiveness of the risk management process. Project Manager’s responsibility is to ensure the risk audits are performed at an appropriate frequency, as defined in the risk management plan. The format for the audit and its objectives should be clearly defined before the audit is conducted.
Variance and trend analysis – using performance information for comparing planned results to the actual results, in order to control and monitor risk events and to identify trends in the project’s execution. Outcomes from this analysis may forecast potential deviation (at completion) from cost and schedule targets.
Technical performance measurement – Comparing technical accomplishments during project execution to the project management plan’s schedule. It is required that objectives will be defined through quantifiable measures of technical performance, in order to compare actual results against targets.
Reserve analysis – compares the amount of remaining contingency reserves (time and cost) to the amount of remaining risks in order to determine if the amount of remaining reserves is enough.
Status meetings – Project risk management should be an agenda item at periodic status meetings, as frequent discussion about risk makes it more likely that people will identify risks and opportunities or advice regarding responses.